The Bootstrap Blog

News and announcements for all things Bootstrap, including new releases, Bootstrap Themes, and Bootstrap Icons.

Bootstrap 4.4.0

@mdo November 26, 2019

Bootstrap 4 has a new update with a handful of feature changes. We’ve had quite the lengthy pull request to add responsive containers—big thanks to the developers who contribute to Bootstrap for sticking with it and helping us along the way. Nearly all new features will be carried forward into Bootstrap 5, so feel free to start using them now.

Highlights

Here’s what you need to know about v4.4.0. Remember that with every minor and major release of Bootstrap, we ship a new URL for our hosted docs to ensure URLs continue to work.

  • New responsive containers! Over a year in the making, fluid up to a particular breakpoint, available for all responsive tiers.
  • New responsive .row-cols classes for quickly specifying the number of columns across breakpoints. This one is huge for those of you who have asked for responsive card decks.
  • New escape-svg() function for simplifying our embedded background-image SVGs for forms and more.
  • New add() and subtract() functions for avoiding errors and zero values from CSS’s built in calc feature.
  • New make-col-auto() mixin to make our .col-auto class available with custom HTML.
  • Fixed an issue with Microsoft Edge not picking up :disabled styles by moving selectors to [disabled].
  • Deprecated: bg-variant(), nav-divider(), and form-control-focus() mixins are now deprecated as they’re going away in v5.
  • Updated our spacing and alignment for modal footer elements like buttons to automatically wrap when space is constrained.
  • More flexible form control validation styles thanks to fewer chained selectors. Also updated the :invalid validation icon to be an alert instead of an × to avoid confusion with browser functionality for clearing the form field value.
  • Fixed a couple dozen CSS and JS bugs.
  • Moved to GitHub Actions for CI/CD! Expect more updates to our CI setup over time here while Actions evolves.
  • Updated documentation to fix links and typos, improved landmarks for secondary navigation, and a new security doc for guidelines on reporting potential vulnerabilities.

We’ve shipped a lot more in this release, so be sure to check out the v4.4.0 ship list of closed issues and merged pull requests for more details.

Head to to the v4.4.0 docs to see the latest in action. The full release has been published to npm and will soon appear on the BootstrapCDN and Rubygems.

Support the team

Visit our Open Collective page or our team members’ GitHub profiles to help support the maintainers contributing to Bootstrap.

Introducing our Long Term Support plan

@mdo July 24, 2019

Today we’re formally announcing our Long Term Support plan, a documented approach aimed at strengthening the stability and frequency of releases. As part of this initiative, each major version of Bootstrap will receive at least six months of support after it is retired, followed by six months of critical bug fixes and security updates.

Starting today, Bootstrap 3 will move to end of life, and will no longer receive critical security updates.

Bootstrap 4 will move to Long Term Support after we release v4.4 and will no longer receive new features from then on. It will continue to receive bug fixes, security updates, and documentation updates.

Bootstrap 5 is under active development. You can follow our progress on GitHub.

A special thanks to @XhmikosR for his tireless work in pushing us forward.

Bootstrap 3.4.1 and 4.3.1

@mdo February 13, 2019

Today we’re shipping Bootstrap v4.3.1 and v3.4.1 to patch an XSS vulnerability, CVE-2019-8331. Also included in v4.3.1 is a small fix to some RFS (responsive font sizes) mixins that were added in v4.3.0.

Earlier this week a developer reported an XSS issue similar to the data-target vulnerability that was fixed in v4.1.2 and v3.4.0: the data-template attribute for our tooltip and popover plugins lacked proper XSS sanitization of the HTML that can be passed into the attribute’s value.

To resolve the issue, we’ve implemented a new JavaScript sanitizer to only allow whitelisted HTML elements in data attribute. You may modify our sanitization implementation to customize the HTML element whitelist, totally disable the sanitization, or pass your own sanitize function (useful if you use your own library). However, for added protection, there is no way to modify the sanitization via data attributes—you must modify these plugin options via the JavaScript API.

Those who have modified the default templates, please read the new v4.3 sanitizer docs or the new v3.4 sanitizer docs.

In light of this vulnerability, we’re also auditing our security reporting workflows to ensure they’re up to date. This will include steps like adding a SECURITY.md file to our repository and ensuring our private channels and processes are up to date and documented with the team.

Thank you to poiu for reporting the vulnerability to the Bootstrap Drupal project and Mark Carver from the Bootstrap Drupal project for responsibly disclosing the issue to us. Also a massive thank you to @Johann-S, @Xhmikosr, and @bardiharborow on our team for the fast turnaround on today’s releases.

Bootstrap 4.3.0

@mdo February 11, 2019

Bootstrap v4.3 has landed with over 120 combined closed issues and merged pull requests. This release brings improvements to our utilities, some prep work for moving on to v5’s development, and the standard bug fixes and documentation updates.

During our last release, we shared a small preview of where we’re taking the project next. That’s getting clearer in the coming weeks as our attention turns towards embracing Hugo for ultra fast docs development, removing jQuery in favor of regular JavaScript, and addressing our growing code base.

Keep reading for v4.3 highlights, and see you soon with more details on v5!

Highlights

We’ve added some new utilities and deprecated some unused code. Here are the key changes in v4.3, broken down by new, improved, fixed, and deprecated.

  • New: Added .stretched-link utility to make any anchor the size of it’s nearest position: relative parent, perfect for entirely clickable cards!
  • New: Added .text-break utility for applying word-break: break-word
  • New: Added .rounded-sm and .rounded-lg for small and large border-radius.
  • New: Added .modal-dialog-scrollable modifier class for scrolling content within a modal.
  • New: Added responsive .list-group-horizontal modifier classes for displaying list groups as a horizontal row.
  • Improved: Reduced our compiled CSS by using null for variables that by default inherit their values from other elements (e.g., $headings-color was inherit and is now null until you modifier it in your custom CSS).
  • Improved: Badge focus styles now match their background-color like our buttons.
  • Fixed: Silenced bad selectors in our JS plugins for the href HTML attribute to avoid JavaScript errors. Please try to use valid selectors or the data-target HTML attribute/target option where available.
  • Fixed: Reverted v4.2.1’s change to the breakpoint and grid container Sass maps that blocked folks from upgrading when modifying those default variables.
  • Fixed: Restored white-space: nowrap to .dropdown-toggle (before v4.2.1 it was on all .btns) so carets don’t wrap to new lines.
  • Deprecated: img-retina, invisible, float, and size mixins are now deprecated and will be removed in v5.

Checkout the full v4.3.0 ship list and GitHub project for the full details.

Head to to the v4.3.x docs to see the latest in action. The full release has been published to npm and will soon appear on the Bootstrap CDN and Rubygems.

Introducing responsive font sizes

Responsive font-sizes

Our biggest new addition to Bootstrap in v4.3 is responsive font sizes, a new project in the Bootstrap GitHub org to automate calculate an appropriate font-size based on the dimensions of a visitor’s device or browser viewport. Here’s how it works:

  • All font-size properties have been switched to the @include font-size() mixin. Our Stylelint configuration now prevents the usage of font-size property.

  • Disabled by default, you can opt into this new behavior by toggling the $enable-responsive-font-sizes boolean variable.

  • font-sizes are entirely configurable via Sass. Be sure to read the docs for how to modify the scales, variables, and more.

While responsive font-sizes are disabled by default, we’ve enabled them in the custom CSS that powers our docs starting with v4.3. Please share feedback with us via GitHub issues or on Twitter. We’ve added some light guidance to our Typography docs to explain the feature. You can also learn more by reading the rfs project documentation.

Open Collective

Last December we launched our Open Collective page with our v3.4 release to help support the maintainers contributing to Bootstrap. The team has been very excited about this as a way to be transparent about maintainer costs (both time and money), as well as recognition of efforts.

Branches, Hugo, and jQuery

Right after shipping v4.3, we’ll be tackling a few key changes on our road to active v5 development. These are larger changes to how we maintain and develop Bootstrap and are considered foundational for v5.

  • Improving our branches for development. master will become our new v3-dev branch. v4-dev will stay as-is, but we’ll cut a new master branch from there to develop v5.

  • We’re moving to Hugo! Jekyll has been great, but it’s starting to slow us down in local development. We’ll be making changes to our dependencies to support this move, and there’s already a pull request in progress and near completion for the change. Follow along to see what’s changing.

  • We’re dropping jQuery for regular JavaScript. The cat is out of the bag—we’re dropping our largest client-side dependency for regular JavaScript. Similar to the Hugo move, we’ve been working on this for a long time and have a pull request in progress and near completion.

We’ll have even more to share soon around v5’s plans after we tackle these bigger items. In the meantime, keep the feedback coming on GitHub and Twitter!

Bootstrap 4.2.1

@mdo December 21, 2018

Look out world, we’re shipping Bootstrap v4.2.1 with a slew of new features, bug fixes, and docs updates. On the new features side, we have spinners, toasts, switches, and (finally!) touch support in the carousel. That’s just the tip of the iceberg though.

Heads up! v4.2.0 was incorrectly published to npm, so we’ve had to immediately turnaround a v4.2.1 release. npm i bootstrap@latest should now return 4.2.1. Apologies for the inconvenience!

We’ve crammed months of work into v4.2.1 with over 400 commits since our last v4.1.3 release. As mentioned in our v3.4.0 release last week, we’re working to decouple our releases from my direct involvement to improve the shipping cadence. Expect more improvements there in 2019.

Keep reading for highlights and some insight into how we’re getting to v4.3 quickly, and then into v5 (woo!).

What’s new

Here are the highlights of what’s new and updated in v4.2.1.

Bootstrap toasts

  • New: Added a new spinner loading component.
  • New: Added new toast component for displaying notifications.
  • New: Added a new iOS style switch (a modifier class to our custom checkboxes).
  • New: Added touch support in our carousel component.
  • New: Added .font-weight-lighter and .font-weight-bolder utilities.
  • New: Added .text-decoration-none utility class.
  • New: Added .modal-xl modifier class for our modals.
  • New: Added new negative margin utility classes (e.g., .mb-n3). These rad new classes not only allow you more control over your general spacing needs, but also allow you to create responsive grid gutters at each breakpoint.
  • New: Validated form fields now have feedback icons on :invalid and :valid fields. Disable them with the $enable-validation-icons boolean Sass variable (defaults to true).
  • New: Added a new versions page to our docs.
  • New: Tooltips/Popovers work with Shadow DOM.
  • Updated: Redesigned the custom checkboxes and radios for more obvious states.
  • Updated: bootstrap-grid.css now includes our margin and padding utilities for full control of our grid system.
  • Updated: Changed auto columns (e.g., .col-auto) from max-width: none to max-width: 100% to prevent content from causing a column to overflow the parent.
  • Updated: Improved rendering of custom selects, ranges, file input, and more.

Checkout the full v4.2.0 ship list and GitHub project for the full details. Up next is v4.3 with some bugfixes, a few new modifier classes and variables, and some new utilities.

Head to the v4.2 docs to see the latest in action. The full release has been published to npm and will soon appear on the Bootstrap CDN and Rubygems.

What’s next

We have v4.3 already planned, so that’s our immediate focus. However, while we’re developing that in the v4-dev branch, we’ll be getting our plans in order for a v5 release.

Bootstrap 5 will not feature drastic changes to the codebase. While I tweeted about the earnestness to move to PostCSS years ago, we’ll still be on Sass for v5. Instead, we’ll focus our efforts on removing cruft, improving existing components, and dropping old browsers and our jQuery dependency. There are also some updates to our v4.x components we cannot make without causing breaking changes, so v5 feels like it’s coming at the right time for us.

Stay tuned for a preview of the plans for v5 in the new year. We’ll share via an issue, ask for feedback, and then settle in to development mode.

Happy holidays, and happy new year to everyone! Thanks for continuing to make Bootstrap an amazing project and community.